Developers and online service providers have to consider security threats while developing and providing online services to users. For example, if users' information is compromised through a particular online service, the users' personal information may be used to steal or hijack the users' identity, i.e., identity theft. Although a stolen identity can lead to monetary losses, at least as significant is the fact that the victims of identity theft, i.e., the users, are subject to feeling vulnerable and may associate their vulnerability with the online service provider. As an example, when a large U.S. retailer forfeited over 100 million shoppers' bank/credit card information to hackers in 2013, the retailer was immediately subject to losses of confidence by both its customers and its investors. Hence, inattention to security threats can affect the short-term and long-term success of a company, e.g., an online service provider, in a marketplace.
The quantity of potential security threats in existence can be overwhelming for both service providers and the developers that maintain the operations of the online services. What is needed is a method and system for providing a security threat scoring service to identify and prioritize potential security threats for service providers and developers.